Closed JackandBlackLLL closed 4 years ago
Since wildcard detection is listed as a todo, this feature is not yet implemented. In case you perform reconnaissance scans, it is worth to have a look at shuffledns, which is a wrapper around massdns improving usability and supporting wildcard detection.
But using shuffledns
we need one more step to get the final IP, because it doesn't provide with IPs output, so
shuffledns
I get a list of subdomains with other scripts. After that I get DNS records and based on this I get valid subdomains. But often I get a lot of false results, in particular because of the fact that the subdomain has a wildcard configured on the domain. How to enable the function of checking the wildcard subdomains so that I get cleaner results that exclude the wildcard subdomains? I see massdns have this function "Add wildcard detection for reconnaissance"